email deliverabilityshopify emailshopify setup

Shopify Emails Going to Spam: How to Fix It (2026)

Shopify email deliverability setup with DNS authentication records fixing spam folder issues

Only 83.5% of emails worldwide reach the inbox, according to Validity's 2025 benchmark. For ecommerce, it's worse — retail and online stores sit at the bottom of inbox placement categories because of high send volumes and promotional content. If your Shopify order confirmations are landing in spam, your customers think their order didn't go through. They email support. They file chargebacks. Some just never come back.

If your Shopify emails are going to spam, the fix is almost always email authentication — three DNS records (SPF, DKIM, DMARC) that take 15 minutes to set up. Shopify doesn't prompt you to configure them, so most merchants never do.

Why Your Shopify Emails Land in Spam

In February 2024, Google and Yahoo started requiring email authentication for all senders. If your emails don't pass SPF, DKIM, and DMARC checks, inbox providers either send them to spam or reject them outright. Gmail tightened enforcement again in November 2025 — non-compliant emails now face temporary or permanent rejections, not just spam folder placement.

Two years after these requirements went live, roughly 30% of senders are still partially non-compliant on at least one protocol. Non-compliant senders see their spam rates jump from a normal 5-10% to 22-34%. That's one in three emails never reaching a customer's inbox.

Three specific things cause the problem for Shopify stores:

  • No SPF record — your domain doesn't tell Gmail that Shopify is allowed to send emails on your behalf
  • No DKIM signature — there's no cryptographic proof that the email wasn't tampered with in transit
  • No DMARC policy — inbox providers don't know what to do with unauthenticated emails, so they default to spam

If you're using a free email address (like @gmail.com) as your store's sender address, the problem is even worse. Gmail knows it didn't send that email, and it flags it immediately.

Step 1: Switch to a Custom Domain Email

Before touching DNS records, make sure your store sends from a branded email address — something like orders@yourstore.com, not yourname@gmail.com. Go to Settings > Notifications in your Shopify admin and check the "Sender email" field.

If you don't have email hosting for your domain yet, Shopify offers email forwarding for Shopify-managed domains. Third-party domain providers like Google Workspace or Zoho Mail work too. The point is: your sender address must match the domain you're about to authenticate.

Step 2: Authenticate Your Domain in Shopify

Shopify has a built-in domain authentication flow that handles SPF and DKIM together. Here's the exact process:

  1. Go to Settings > Notifications in your Shopify admin
  2. Find the Sender email section
  3. Click Email domain authentication
  4. Select Manual setup
  5. Shopify generates CNAME records — copy them exactly
  6. Log into your domain provider (GoDaddy, Cloudflare, Namecheap, etc.)
  7. Add each CNAME record to your DNS settings
  8. Go back to Shopify and click Verify

DNS changes can take up to 48 hours to propagate, though most complete within a few hours. Don't panic if verification fails immediately — check again the next day.

One common mistake: copying the CNAME records with a trailing period or extra space. Match them character for character. If verification keeps failing, compare what Shopify shows with what your DNS provider displays — they should be identical.

Step 3: Add a DMARC Record

Shopify's authentication flow covers SPF and DKIM, but it doesn't create a DMARC record for you. You need to add this yourself.

In your domain's DNS settings, create a new TXT record:

  • Name/Host: _dmarc
  • Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
  • TTL: Leave at default (usually 3600)

The p=none policy means you're monitoring only — inbox providers report what's happening but don't reject anything. Start here. After a few weeks of monitoring, you can tighten it to p=quarantine (send failures to spam) or p=reject (block them entirely).

Replace dmarc@yourdomain.com with an email address where you want to receive authentication reports. These reports are XML files that show which emails passed or failed — useful for catching problems early.

Step 4: Fix Your SPF Record if You Use Multiple Email Services

If you use Klaviyo, Mailchimp, Omnisend, or any other email service alongside Shopify, you probably need multiple SPF entries. The catch: you can only have one SPF record per domain. Multiple SPF records cause all of them to fail.

Check your existing SPF record first. If you already have one that says v=spf1 include:_spf.google.com ~all, don't create a second one. Instead, modify it to include both services:

v=spf1 include:_spf.google.com include:shops.shopify.com ~all

Common include values:

  • Shopify: include:shops.shopify.com
  • Klaviyo: include:send.klaviyo.com
  • Mailchimp: include:servers.mcsv.net
  • Google Workspace: include:_spf.google.com

Combine them all into a single SPF record. The ~all at the end stays — it tells inbox providers that any server not listed should be treated as suspicious.

Step 5: Separate Your Sending Domains

This step is optional but makes a real difference for stores sending both transactional and marketing emails. Transactional emails (order confirmations, shipping updates) have high open rates and low spam complaints. Marketing emails (promotions, newsletters) have lower engagement and higher unsubscribe rates.

When you send both types from the same domain, your marketing reputation drags down your transactional deliverability. A promotional blast with 2% spam complaints can push your next batch of order confirmations into spam.

The fix: use a subdomain for marketing. Send order confirmations from orders@yourstore.com and marketing from news@mail.yourstore.com. Configure SPF, DKIM, and DMARC on the subdomain separately. Most email platforms (Klaviyo, Omnisend, Shopify Email) support custom sending domains and walk you through the setup.

How Do You Test Shopify Email Deliverability?

After making DNS changes, don't just hope it worked. Test it.

  1. Send a test order — place a test order on your store and check where the confirmation lands in Gmail, Outlook, and Yahoo
  2. Use Mail Tester — send an email to the address on mail-tester.com and get a score out of 10. Anything above 8 is good. Below 6 means something's broken.
  3. Check your DMARC reports — after a few days, you'll start receiving XML reports showing pass/fail rates for your emails

If emails still land in spam after authentication, the problem might be content-related. Subject lines with all caps, excessive exclamation marks, or words like "FREE!!!" trigger spam filters regardless of authentication. Keep your email content clean and your unsubscribe link visible. For COD stores where order confirmation delivery is critical, adding WhatsApp order confirmations as a backup channel ensures customers always get their order details.

Clean Your Email List Quarterly

Authentication fixes the technical side. List hygiene fixes the reputation side. Every email you send to a dead address (hard bounce) or an unengaged subscriber hurts your sender reputation. Inbox providers track your bounce rate and engagement — if 10% of your emails bounce, the other 90% start getting filtered too.

Every three months, remove subscribers who haven't opened an email in 120 days. Remove hard bounces immediately — most email platforms do this automatically, but check. If you're migrating from another platform or importing a list, send to your most engaged segment first and expand gradually.

A 5,000-subscriber list with 40% open rates will always outperform a 50,000-subscriber list with 4% open rates. Inbox providers reward engagement. Smaller and active beats large and ignored. For a deeper look at choosing the right email platform, see our best Shopify email marketing apps comparison.

What to Do Right Now

Open your Shopify admin, go to Settings > Notifications, and check your sender email. If it's a Gmail or Yahoo address, switch to your custom domain. Then go to Email domain authentication and see if it says "Authenticated." If it doesn't, set up the CNAME records today. Add a DMARC TXT record while you're in your DNS settings. The whole process takes 15 minutes — the DNS propagation takes longer than the actual work.

Your order confirmations are the most important emails your store sends. Every one that lands in spam is a customer who doesn't know their order went through. Shopify emails going to spam is a fixable problem — set up authentication once, and it stays fixed permanently.